Wireshark-bugs: [Wireshark-bugs] [Bug 2482] Some Wireshark Firewall ACL Rules are off-the-mark
Date: Mon, 21 Apr 2008 10:08:31 -0700 (PDT)
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2482





--- Comment #2 from Priscilla Oppenheimer <po@xxxxxxxxxxxxx>  2008-04-21 10:08:29 GMT ---
Cisco IOS Extended ACLs are also off-the-mark (squirrelly as I lazily said
before. :-)

For comparison sake, consider, as I mentioned before, that iptables is good for
the situation where we want to  block the scanner from sending to ports 0 and
443. These  rules are right:

iptables -A INPUT -p tcp --destination-port 0 -j DROP
iptables -A INPUT -p tcp --destination-port 443 -j DROP


The Cisco IOS Extended ACLs, on the other hand, don't match the iptables logic
and are off-the-mark (at least for my needs). Wireshark chooses the wrong
source address (the target rather than the scanner):

access-list NUMBER deny tcp host 192.168.1.123 any eq 0
access-list NUMBER deny tcp host 192.168.1.123 any eq 443

Thanks for looking into this.


-- 
Configure bugmail: http://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.